If They're Phishing Don't Get Caught
inJanuary 31, 2008 - 12:51pm
A very good PayPal spoof email was reported recently. Fortunately, the recipient immediately detected it, but would you? Do you know what to look for? Do you know what to do - what not to do? One of the big problems with Internet email today is there is no one consistently reliable authentication procedure available for filtering out “bad” email. Which means anyone can send an email message and make it look as if it came from any email address they wish. When this email is received, there is no way for the recipient to verify whom the sender is, and this sets up unsuspecting email recipients to be exploited by ill intentioned people. Most experienced Internet users are aware and watchful for spoof or "phishing" email messages but even if you feel your answers would be 'Yes' to the questions posed above it never hurts to review, so read on.
Phishing or Spoof Email
Date: 26 Feb 2007 07:14:28 -0000
What you are presented with is a fancy email message, complete with Citibank graphics and logos. In fact, the email message may even be constructed so the graphics actually come directly from the official Citibank web site. (The following message was taken verbatim from an actual “spoof” email.)
We recently reviewed your account and suspect that your CitiBank Account may have been accessed by an unauthorized third party. Protecting the security of your account and of the CitiBank Network is out primary concern. Therefore, as a preventative measure we have temporarily limited access to sensitive CitiBank Account Features.
Click The link below in order to regain access to your Citi Cardmembers Account, simply:
Update Your Account
NOTE : Please ignore this message if you're not Debit Citi Cardmembers.
Account Online Management
HAVE QUESTIONS ABOUT YOUR ACCOUNT?
Please sign-on at (here the scam email might contain a legitimate link to the Citibank web site) and choose Contact Us from the Help/Contact Us menu. Then select the Send New Message link under Write to Customer Care. You can also call the Customer Service phone number on the back of your card.
WE ARE COMMITTED TO YOUR PRIVACY
© 2004 Citibank
Even though the above email contains some spelling errors (a sign an email may not be legitimate) it is a good example of a “phishing” email. Why? Because it contains legitimate links that would put some people at ease and thus fool the receiver into thinking it is a legitimate email, even with the spelling errors.
Don't be Fooled!
From firstname.lastname@example.org Mon 26 Feb 2007 11:54:55 2007
Keep in mind, a real return email address may be inserted into the 'From' field to fool the reader into thinking the email is legitimate. A scammer isn't looking to receive an email reply from you. They don't want to correspond. All they want is for you to click on the link in the email, which will take you to their Web site (not Citibank's), where you will be instructed to enter your password and/or other important personal information.
The only single piece of information that cannot be forged in an email is the first IP address listed in the Received: headers. In this case, it's 18.104.22.168, or mail.bos55.com. PLEASE DON'T GO TO THIS WEB SITE! But as you can see, this is not a legitimate email message from Citibank. In fact, it's even possible for forged Received headers to be inserted, but not in the first Received: header. The spoof PayPal email we referenced in the introduction actually originated from a foreign website, not from the PayPal US site. The shop owner had checked the headers of the email and immediately noticed it was not legitimate.
The "Update Your Account" link that scammers like to include in an email may take you to a site that is made to look like a Citibank page, where you are instructed to “verify” your account information and are requested to enter sensitive information relating to your account. If you enter your account information you have now given over important sensitive information about yourself and your account to an illegitimate third party, who can use the information to perpetuate a fraud, such as extracting funds from your account, or calling Citibank, posing as you with the credentials to back up their identity, and gain access to your account.
Any time you are sent an email regarding a payment or a 'problem' in your PayPal account, do not click on a link in that email. Instead, go to the PayPal site either through a bookmark on your computer, or open a new browser window and type in the site's secure URL (https://www.paypal.com). Then log into your PayPal account as you normally would and check your account to see if there has been any unusual activity involving a payment or other issue noted in the spoof email. If there isn't or if you suspicious of the email, access the PayPal Security Center on the PayPal site and select the appropriate link and follow their instructions for reporting a possibly fraudulent email. The PayPal Security Center has a tremendous amount of security information including “fraud-fighting tips, tools, and technology.”
The federal government also has site OnGuardOnline.gov with information to help you “guard against Internet fraud, secure your computer, and protect your personal information”, which can be found at the following link: http://onguardonline.gov/index.html